0000 MAMAMAMAXIMXIMXIMXIMXIMUUUUUMMMPPPPCCC XXXXXXX XXXXXXX 20072007
In the end, our experiment taught us several lessons. The Old-
Timer certainly knows how to stick it to the Man, who in this case
was the test administrator. The Crusader proved his point that
parental-control software is no substitute for personally partici-
pating in your child’s Internet activity. And the Upstart proved he
hasn’t lost much of his edge since joining the workforce.
We also learned that there are multiple ways around these
so-called safeguards, especially when the apps don’t encourageparents to create limited user accounts for their children. All it takes
is a little ingenuity and a steadfast spirit to outsmart a piece of soft-
ware (and the person who installed it). So while our tests might have
exposed ways to make the applications either more effective or bet-
ter at detecting tampering, there are likely to be ways around even
those measures, so you really shouldn’t rely on a piece of software
to keep your kids safe online. To see how Vista’s OS-based parental
controls change the equation, see page 64.WHAT WE LEARNED
SAFE EYES
If the guys break through this app’s
restraints will they go blind?With Safe Eyes ( $50/yr for three PCs, http://www.
safeeyes.com ) you create different accounts
for different users. The account the edi-
tors had access to restricted all the typical
off-limits categories—adult, drugs, nudity,
etc.—with a popup warning. An icon in the
Windows taskbar opens a log of all activ-
ity, which can be viewed by anyone but
changed only by the administrator.
Naturally, this application was a cakewalk
for the Old-Timer, who used the administra-
tor’s password to surf to his heart’s content
and collect proof of his exploits.
The Upstart utilized the power of Google,
searching for “safeeyes proxy.” That pointed
him in the direction of a helpful web proxy
that allowed him to access illicit sites without
being stopped by Safe Eyes. And since Safe
Eyes leaves the Logs folder in its directory,
the Upstart easily eliminated his tracks. To
confuse the admin, he copied the log from
the previous day over the current day’srecords, making it look like the
program was screwing up and
listing identical logs for two days.
Unfortunately for him, the adminis-
trator was not fooled by the bogus
log and recognized it as proof of
his tampering.
The Crusader’s breach was
fl awless: First, he browsed
some innocuous sites to gener-
ate a browsing history. Then he
opened the app’s Logs directo-
ry—which was cleverly hidden
(not!) at C:\Program Files\Internet Content
Filter\logs—and write-protected it, so it
wouldn’t record his shenanigans. At the
same time, he confi gured the fi rewall to
block outbound packets from the Safe
Eyes app, which would prevent it from
sending emails to the administrator, which
might encourage closer scrutiny.
After testing Safe Eyes’s boundaries
and discovering that it relied on a Winsock
plugin, the Crusader tried to download
the LSPfi x utility but was foiled by Safe
Eyes. It took another two minutes to fi nd
an unblocked mirror, and the app was dis-abled momentarily. By disabling the auto-
start for SafeEyes, the Crusader was able
to reboot and surf unrestrained by fi lters.
But what happened when the admin
returned? All that needed to be done was
restart the Safe Eyes executable, which
kindly repaired all the damage done by the
Crusader’s escapades, without a hint that
the app had been disabled for hours.
In all fairness to Safe Eyes, you
can opt for the log to be kept online,
as opposed to in the Program
Files, but the latter was the
default option.Porn by proxy, literally. A simple Google
search revealed a web site from which to surf
out of Safe Eyes’s sight.spent the whole day outdoors.” (A highly
implausible excuse, but OK.)
Relying on his social-engineering hack,
the Old-Timer guessed correctly that the
administrator would use the same pass-
word. (For shame!) Having learned the Ctrl
+ Alt + F5 sequence from his comrade—fair,
since kids do talk—he found the control
panel, entered the password, and was
in. In his words: “I deleted all of the logs,
cruised for porn, cleared my trail in IE, and
decided to lay a smoke screen by brows-
ing goody-two-shoes content—Harvard
Admissions, Habitat for Humanity, etc.
I manually searched for and deleted the
screenshots that showed me starting upthe program and typing in the password,
but I found myself trapped. If I switched the
program on, it would record the screenshot
of the control panel—a very suspicious clue
indeed, and one that would certainly have
the administrator changing her password
(can’t have that!). I decided to leave the pro-
gram in the off mode and believed that on
the reboot, it would restart. Unfortunately, it
didn’t restart after a reboot. If it did, I could
have then restarted in safe mode and delet-
ed the last few screen grabs manually.”
So, yes, the Old-Timer defeated
the app, but not without a trace.
The Crusader took about 30
minutes with this one. He explains,“I found a list of offending processes using
the Interweb, then killed the two renamed
processes using Task Manager. Also, I built
a convincing trail of sites, so the adminis-
trator wouldn’t suspect I’d done anything
wrong.” He was unaware of the videolog,
which showed his Google searches and
Task Manager activity, but there was
no hard evidence that he had actually
tampered with the program, and
the innocuous web log provided
a convincing enough cover.32 MAXIMUMPC JULY 2007
UNLOCKED!UNLOCKED!MAXIMUMPC
CHALLENGEANOTHER